YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 1084d200ee860518a5faf0e42d29496eea80b208ffff1bc54b3c129994d82957.

Scan Results


SHA256 hash: 1084d200ee860518a5faf0e42d29496eea80b208ffff1bc54b3c129994d82957
File size: 2'112'116 bytes
MIME type: application/x-dosexec
MD5 hash: 02799d9f08b51ee85d8f5cb780434df7
SHA1 hash: a64637aa7a3aea31c5539272184c727941e33a87
SHA3-384 hash: 5481142594c65f834993ecea81d6ddd2d288d6e1e9ded209f30866c9f321ac4e6e2f075740fc64f7e02837013de6c5e2
First seen: 2022-11-24 19:43:12 UTC
Last seen: Never
Sightings: 1
imphash: dae02f32a21e03ce65412f6e56942daa
ssdeep: 6144:NJ1izYC7nWBzUxRCDzryA7zgJS7HowT7WGJBzsOXiTpXNMns/kSmzPj0zAzSlG6O:wsOiwQV/7WGJBzsOXaMV2Ac92
TLSH: T136A5AE80E7F947AEF2F37EF806B69791D936BC62A931C3099944251E29B1D805C70F27
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: 3b6f988e-6c30-11ed-a71a-42010aa4000b
File name: 43d358c.dll
Task parameters:
ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Trojan.Nanocore-5

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: MALWARE_Win_NanoCore
Author: ditekSHen
Description: Detects NanoCore
TLP: TLP:WHITE
Repository: ditekshen

Rule name: nanocore_rat
Author: jeFF0Falltrades
TLP: TLP:WHITE
Repository: jeFF0Falltrades

Rule name: nanocore_surveillance_plugin
Author: jeFF0Falltrades
TLP: TLP:WHITE
Repository: jeFF0Falltrades

Rule name: Windows_Trojan_Nanocore_d8c4e3c5
Author: Elastic Security
TLP: TLP:WHITE
Repository: elastic

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.